functions.inc.php, function pacrypt:
- added dovecotpw encryption support (patch from cmuelle8 (trendypack) + some fixes from me, see tracker for details) https://sourceforge.net/tracker2/?func=detail&aid=2607332&group_id=191583&atid=937966 - replaced most "if" with "elseif" to be able to check for invalid $CONF[encrypt] settings - added error check/message for invalid $CONF[encrypt] settings config.inc.php: - $CONF[encrypt]: added description for dovecot:xy - added new $CONF['dovecotpw'] setting (path to dovecotpw binary) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@580 a1433add-5e2c-0410-b055-b7f2511e0802
parent
87461233d9
commit
af702c05e1
@ -90,6 +90,7 @@ $CONF['smtp_port'] = '25';
|
||||
// cleartext = clear text passwords (ouch!)
|
||||
// mysql_encrypt = useful for PAM integration
|
||||
// authlib = support for courier-authlib style passwords
|
||||
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
|
||||
$CONF['encrypt'] = 'md5crypt';
|
||||
|
||||
// In what flavor should courier-authlib style passwords be enrypted?
|
||||
@ -98,6 +99,9 @@ $CONF['encrypt'] = 'md5crypt';
|
||||
// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt
|
||||
$CONF['authlib_default_flavor'] = 'md5raw';
|
||||
|
||||
// If you use the dovecot encryption method: where is the dovecotpw binary located?
|
||||
$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
|
||||
|
||||
// Minimum length required for passwords. Postfixadmin will not
|
||||
// allow users to set passwords which are shorter than this value.
|
||||
$CONF['min_password_length'] = 5;
|
||||
|
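Review bot: The comment above `$CONF['dovecotpw']` does not tell the administrator that pacrypt() uses this value as the program name in a shell command whenever a `dovecot:` method is configured. I would extend it with a line such as `// Must be the absolute path of a trusted dovecotpw binary; PHP executes it each time a password is encrypted.` The `dovecot:CRYPT-METHOD` comment could also state what pacrypt() accepts (letters, digits and `-`, upper-cased before use), since any other value ends in `die("invalid dovecot encryption method")`.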
@ -1151,11 +1151,11 @@ function pacrypt ($pw, $pw_db="")
|
||||
$password = md5crypt ($pw, $salt);
|
||||
}
|
||||
|
||||
if ($CONF['encrypt'] == 'md5') {
|
||||
elseif ($CONF['encrypt'] == 'md5') {
|
||||
$password = md5($pw);
|
||||
}
|
||||
|
||||
if ($CONF['encrypt'] == 'system') {
|
||||
elseif ($CONF['encrypt'] == 'system') {
|
||||
if (ereg ("\$1\$", $pw_db)) {
|
||||
$split_salt = preg_split ('/\$/', $pw_db);
|
||||
$salt = $split_salt[2];
|
||||
@ -1171,13 +1171,13 @@ function pacrypt ($pw, $pw_db="")
|
||||
$password = crypt ($pw, $salt);
|
||||
}
|
||||
|
||||
if ($CONF['encrypt'] == 'cleartext') {
|
||||
elseif ($CONF['encrypt'] == 'cleartext') {
|
||||
$password = $pw;
|
||||
}
|
||||
|
||||
// See https://sourceforge.net/tracker/?func=detail&atid=937966&aid=1793352&group_id=191583
|
||||
// this is apparently useful for pam_mysql etc.
|
||||
if ($CONF['encrypt'] == 'mysql_encrypt')
|
||||
elseif ($CONF['encrypt'] == 'mysql_encrypt')
|
||||
{
|
||||
if ($pw_db!="") {
|
||||
$salt=substr($pw_db,0,2);
|
||||
@ -1189,7 +1189,7 @@ function pacrypt ($pw, $pw_db="")
|
||||
$password = $l[0];
|
||||
}
|
||||
|
||||
if ($CONF['encrypt'] == 'authlib') {
|
||||
elseif ($CONF['encrypt'] == 'authlib') {
|
||||
$flavor = $CONF['authlib_default_flavor'];
|
||||
$salt = substr(create_salt(), 0, 2); # courier-authlib supports only two-character salts
|
||||
if(ereg('^{.*}', $pw_db)) {
|
||||
@ -1210,6 +1210,36 @@ function pacrypt ($pw, $pw_db="")
|
||||
}
|
||||
}
|
||||
|
||||
elseif (preg_match("/^dovecot:/", $CONF['encrypt'])) {
|
||||
$split_method = preg_split ('/:/', $CONF['encrypt']);
|
||||
$method = strtoupper($split_method[1]);
|
||||
if (! preg_match("/^[A-Z0-9-]+$/", $method)) { die("invalid dovecot encryption method"); } # TODO: check against a fixed list?
|
||||
|
||||
$dovecotpw = "dovecotpw";
|
||||
if (!empty($CONF['dovecotpw'])) $dovecotpw = $CONF['dovecotpw'];
|
||||
|
||||
// prevent showing plain password in process table
|
||||
$prefix = "postfixadmin-";
|
||||
$tmpfile = tempnam('/tmp', $prefix);
|
||||
$pipe = popen("'$dovecotpw' -s '$method' > '$tmpfile'", 'w'); # TODO: replace tempfile usage with proc_open call
|
||||
|
||||
if (!$pipe) {
|
||||
unlink($tmpfile);
|
||||
} else {
|
||||
// use dovecot's stdin, it uses getpass() twice
|
||||
fwrite($pipe, $pw . "\n", 1+strlen($pw)); usleep(1000);
|
||||
fwrite($pipe, $pw . "\n", 1+strlen($pw));
|
||||
pclose($pipe);
|
||||
$password = file_get_contents($tmpfile);
|
||||
if ( !preg_match('/^\{' . $method . '\}/', $password)) { die("can't encrypt password with dovecotpw"); }
|
||||
$password = trim(str_replace('{' . $method . '}', '', $password));
|
||||
unlink($tmpfile);
|
||||
}
|
||||
}
|
||||
|
||||
else {
|
||||
die ('unknown/invalid $CONF["encrypt"] setting: ' . $CONF['encrypt']);
|
||||
}
|
||||
|
||||
$password = escape_string ($password);
|
||||
return $password;
|
||||
|
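Review bot: When popen() fails in the new dovecot branch, the code only unlinks the temp file and falls through, so `$password` is never assigned and the function still reaches `escape_string ($password)` and returns whatever that makes of an undefined value; the branch should stop like the other error paths, e.g. `unlink($tmpfile); die("can't run dovecotpw");`. The later `die("can't encrypt password with dovecotpw")` exits before `unlink($tmpfile)`, so dovecotpw's output stays behind in /tmp on that path; moving the unlink to directly after `file_get_contents($tmpfile)` covers both outcomes. `$CONF['dovecotpw']` is wrapped in single quotes by hand, and `escapeshellarg($dovecotpw)` would keep a path that contains a quote from altering the command line. The branch also never reads `$pw_db`, unlike the system and mysql_encrypt branches, so a scheme that salts its output would presumably not compare equal on a later call; that needs checking against the callers, and pacrypt() itself starts above this hunk.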